WhatIs.com

data loss prevention (DLP)

By Garry Kranz

What is data loss prevention (DLP)?

Data loss prevention (DLP) -- sometimes referred to as data leak prevention, information loss prevention and extrusion prevention -- is a strategy to mitigate threats to critical data. DLP is commonly implemented as part of an organization's plan for overall data security.

Using a variety of software tools and data privacy practices, DLP aims to prevent unauthorized access to sensitive information. It does this by classifying the different content types within a data object and applying automated protection policies.

A multilayered DLP strategy ensures sensitive information remains behind a network firewall. Creating a DLP plan also enables an organization to review and update its data storage and retention policies to maintain regulatory compliance.

The work-from-home trend, coupled with more sophisticated cyber attacks, underscore the growing interest in DLP. Research firm Gartner estimated that 90% of organizations implemented at least one form of integrated DLP in 2021, up from 50% in 2017.

How does data loss prevention work?

DLP software monitors, detects and blocks sensitive data from leaving an organization. That means monitoring both data entering the corporate networks, as well as data attempting to exit the network.

Most DLP software products focus on blocking actions. For example, if an employee tried to forward a business email against company policy outside the corporate domain or upload a corporate file to a consumer cloud storage service such as DropBox, permission would be denied.

Also, DLP software can block employee computers from reading and writing to USB thumb drives to prevent unauthorized copying.

Detection primarily centers on monitoring incoming email, looking for suspicious attachments and hyperlinks for phishing attacks. Most DLP software offers organizations the option of flagging inconsistent content for staff to manually examine or block it outright.

In the early days of DLP, security teams set the rules around detection and blocking, but those were simplistic and often circumvented. Newer software uses machine learning-based artificial intelligence, which can learn and improve the approach to detection and blocking over time.

Why is data loss prevention important?

Data loss can result in hefty fines and possibly criminal penalties. It also can negatively affect an organization's business and even put it out of business.

In 2017, the personal and financial information of nearly 150 million people was stolen from an unpatched Equifax database. The company failed to fix the vulnerability promptly, then failed to inform the public of the breach for weeks after it was discovered. In July 2019, the credit agency was fined $575 million.

Data loss could cause executives to lose their jobs. Top execs at Target and Equifax resigned following major data breaches that hurt their companies and cost them millions in fines.

If the fines don't kill a business, the loss of customer and public faith well might. A 2019 report by the National Cyber Security Alliance, based on a Zogby Analytics survey of 1,006 small businesses with up to 500 employees, found that 10% of companies went out of business after suffering a data breach, 25% filed for bankruptcy and 37% experienced a financial loss.

What are the types of data loss prevention?

Network DLP covers a range of data security techniques. These include the following:

Common trends and reasons for DLP adoption

A 2022 Gartner report found that 35% of all DLP implementations fail. Such failure can lead to severe consequences for a business, including fines, penalties and degraded reputation. It's these types of factors that drive DLP adoption, including the following:

Data loss prevention best practices

Organizations can take several steps to implement a DLP program, including the following:

  1. Conduct an inventory and assessment. Businesses can't protect what they don't know they have. A complete inventory is a must. Some DLP products -- from vendors such as Barracuda Networks, Cisco and McAfee -- will do a complete scan of the network.
  2. Classify data. Organizations need a data classification framework for both structured and unstructured data. Such categories include personally identifiable information (PII), financial data, regulatory data and intellectual property.
  3. Establish data handling and remediation policies. The next step after classifying the data is to create policies for handling it. This is especially true with regulated data or in areas with strict rules -- such as Europe with GDPR and California with CCPA.
  4. Implement a single, centralized DLP program. Many organizations implement multiple DLP plans across different departments and business units. This leads to inconsistency of protection and the lack of a full picture of the network. There should be one overarching program.
  5. Educate employees. Unintended actions are far more common than malicious intent. Employee awareness and acceptance of security policies and procedures are critical to DLP.

Data loss prevention tools and technologies

There are two types of DLP products: dedicated and integrated.

Dedicated are standalone products that are in-depth and complex. Integrated products are more basic, work with other security tools regarding policy enforcement and are less expensive than dedicated DLP tools.

DLP software products use business rules to enforce regulatory compliance and classify and protect confidential and critical information. This means unauthorized users cannot accidentally or maliciously share data that poses an organizational risk.

It's doubtful one tool will meet all of an organization's data loss prevention needs. Many DLP vendors have one area of focus, while others have suites of tools that fit together. Businesses can assemble a set of best-of-breed tools or use an all-in-one suite.

Some of the premier vendors include the following:

Learn more about specific data loss prevention tools.

26 Jul 2022

All Rights Reserved, Copyright 1999 - 2024, TechTarget | Read our Privacy Statement